From: Chad Perrin
To: freebsd-security
Date: Fri, 1 Apr 2011 09:33:01 -0600
Subject: Re: SSL is broken on FreeBSD
Message-ID: <20110401153300.GA85392@guilt.hydra>

On Fri, Apr 01, 2011 at 03:33:15PM +0100, István wrote:
>
> FreeBSD ships OpenSSL but it is broken because there is no CA. Right,
> it is like shipping a car without wheels, I suppose.

Err . . . now. SSL isn't broken, any more than vi is broken just because
it doesn't ship with text files for you to edit. It would be more like
shipping a car without giving you a list of roads on which the
manufacturer suggests you use it.

>
> Is there a reason to do this?

I don't know. Maybe the guys who made that decision thought that users
should be able to make their own decisions about who to trust, rather
than relying on Verisign to make that decision for them. I'm just
speculating wildly -- I actually have no idea.

-- 
Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]